DuckDuckGo: The browser lets Microsoft trackers track you

According to a recent security audit of the DuckDuckGo privacy browser for iOS and Android by security researcher Zach Edwards, the browser allows Microsoft trackers to be used on websites while blocking all others.

The main feature of the DuckDuckGo browser is that it blocks tracking scripts and most online advertising to prevent your behavior from being collected by as few servers as possible. Tracking protection is never 100% effective because it depends on people continuing to blacklist sites and domains, but it can end up being much weaker than expected.

Zach Edwards, data privacy and supply chain researcher, explained on Twitter that the DuckDuckGo mobile browser does not prevent data from being transmitted to Microsoft servers, although the app can block trackers from Google or Facebook. DuckDuckGo also recently banned Android apps from spying on you.

DuckDuckGo won’t ultimately protect you from all trackers

While DuckDuckGo promises privacy to users of its Android, iOS, and macOS browsers, it does allow some data from third-party websites to be transferred to services owned by Microsoft. Indeed, the DuckDuckGo browser has defined an exception for ad networks and tracking scripts owned by Microsoft, allowing them to load even if they are known to violate user privacy.

dakdakgo maps Credits: DuckDuckGo

According to Zach Edwards research on the DuckDuckGo browser on Android and iOS, there is a whitelist where Microsoft trackers are indeed excluded from blocking. Those are the ones used in Microsoft offerings like LinkedIn and Bing, Edwards said.

DuckDuckGo mentions cases where Microsoft receives information about users, but this only applies to direct interaction with its services. On the other hand, the exclusion list also applies if the user is on third-party websites and, for example, the LinkedIn tracker is integrated there. The data is then sent to Microsoft when users browse, for example, Facebook’s parent company Meta’s page. So, this directly contradicts the company’s claims that it is the most secure browser that cares about your data.

See also: No, DuckDuckGo does not prevent its users from going to pirate sites

DuckDuckGo responds to its browser privacy controversy

In his response to Edwards, the CEO of DuckDuckGo pointed out that the company’s partnership with Microsoft was public, insisting that “Microsoft Advertising does not link your click behavior to a user profile.” According to the manager, this confidential agreement, the details of which are unknown, does not in any way affect the quality of his search engine.

“To block non-search trackers (like in our browser), we block most third-party trackers. Unfortunately, our search syndication agreement with Microsoft does not allow us to do more for Microsoft-owned properties. However, we are making continuous efforts and hope to do more soon,” the CEO of DuckDuckGo continued.

For its part, the company added that it cannot promise complete anonymity to browser users, but has gone much further than Safari, Firefox and other browsers, blocking most trackers before they run on third-party websites.

This new report doesn’t look like good news for a company that is so passionate about preaching the public’s right not to be tracked online. This privileged mode, provided by Microsoft, may well cause a lot of backlash among browser users who have used it feeling secure.

So this contradiction probably won’t help users maintain trust in the browser. It seems that it is rather difficult to expect anonymity on the Internet and to trust products focused on privacy now. For those who still want to try this experience, DuckDuckGo recently launched a new web browser for MacOS and we’ll explain how to install it.

Back to top button